Reuhs, a lawyer who specializes in insurance and risk management issues, hosted a session on cybersecurity at the Heating, Air-conditioning and Refrigeration Distributors International’s Dec. 3-6, 2016, conference at the Broadmoor resort in Colorado Springs, Colorado. The problem is widespread, Reuhs said. 

“In the last year and a half, we have had 50 to 60 clients who have had cybersecurity events,” he said. 

Cybersecurity thieves don’t discriminate in choosing victims. 

“They’re trying every door in town and they’re going to choose the weakest one,” he said. “The ‘sexiness’ of your business doesn’t matter.” 

Small businesses are especially vulnerable, and the aftereffects can be embarrassing, he added. You probably have more confidential information stored on your computers than you realize. 

“Imagine if someone read six months of your emails,” he said. They would probably learn a lot about you — your family, travel schedule, possibly confidential company information. 

It can lead to “ransomware,” where your company’s computers or other confidential information is held hostage unless you pay to have control given back to you. It’s so common, many insurance policies will cover the ransom payment. 

“It’s not ‘Dr. Evil’ — they’re not asking for a million dollars,” Reuhs said, referring to the character in the “Austin Powers” movies. “It’s a number that’s just small enough to make you wonder, ‘Should we just pay it?’”

You need a cybersecurity program, he said. It doesn’t have to be as elaborate as what a multibillion-dollar company would use, but it’s a necessity. 

“It’s not that hard to protect this stuff if you’ve inventoried it,” he said.